Send documentation comments to mdsfeedback-doc@cisco.com
4-126
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 4 C Commands
crypto key zeroize rsa
crypto key zeroize rsa
To delete an RSA key pair from the switch, use the crypto key zeroize rsa command in configuration
mode.
crypto key zeroize rsa key-pair-label
Syntax Description
Defaults None.
Command Modes Configuration mode.
Command History
Usage Guidelines If you believe the RSA key pair on your switch was compromised in some way and should no longer be
used, you should delete it.
After you delete the RSA key pair on the switch, ask the CA administrator to revoke your switch’s
certificates at the CA. You must supply the challenge password you created when you originally
requested the switch’s certificates.
Before deleting a key pair, you should delete the identity certificates corresponding to it in various trust
points if the identity certificates exist, and then disassociate the key pair from those trust points. The
purpose of this is to prevent accidental deletion of a key pair for which there exists an identity certificate
in a trust point.
Note The trust point configuration, certificates, and key pair configurations are made persistent only after
saving to the startup configuration. To be consistent with this configuration behavior, the delete behavior
is also the same. That is, the deletions are made persistent only after saving to the startup configuration.
Use the copy running-config startup-config command to make the certificate and key pair deletions
persistent.
Examples The following example shows how to delete an RSA key pair called testkey.
switch# config terminal
switch(config)# crypto key zeroize rsa testkey
key-pair-label Specifies the RSA key pair to delete. The maximum size is 64
characters.
Release Modification
3.0(1) This command was introduced.
To Next Page
Loading...
Need help?
General